This chapter is from the book

This chapter is from the book

This chapter provides an in-depth review of the network integration and interception capabilities of Cisco WAAS. The chapter begins by describing the options for basic connectivity, including link aggregation and NIC teaming. This is followed by a discussion of the interception methods available for redirecting traffic to a WAAS device for optimization. The techniques and methods discussed in this chapter form the foundation of the design and deployment solutions presented in subsequent chapters of this book.

Interface Connectivity

Each Cisco Wide Area Application Engine (WAE) has two 10/100/1000BASE-T Ethernet interfaces. In a typical deployment, each WAE is connected using a single interface to a LAN switch or router. By default, WAE interfaces auto-negotiate their speed and duplex. You can optionally configure the interface speed to 10 or 100 Mbps. In order for the interface speed to run at 1000 Mbps, it must be configured for auto-negotiation. The duplex of the interface is also configurable.

CAUTION

Do not configure WAE interfaces for half-duplex operation. The collision and retransmission behavior of half-duplex Ethernet has a negative effect on WAE performance.

The router-integrated network module (NME-WAE) is also equipped with two Ethernet interfaces, but only one interface is accessible externally. The other interface connects directly to the internal router PCI bus at 1 Gbps and is configured in a similar manner as an external interface would be configured on a WAE appliance. Unlike a WAE appliance configuration, the WAE interface IP address and default gateway are configured as part of the Cisco IOS interface configuration where the NME-WAE is installed. Figure 4-1 shows the physical interface layout on the router-integrated NME-WAE.

The WAE interface configuration options are similar to the Cisco IOS configuration options, both in terms of function and CLI commands. Example 4-1 shows the interface configuration options available on a WAE.

One of the interface configuration commands that behaves differently in WAAS versus IOS is the bandwidth command. The bandwidth interface configuration command in WAAS is used to specify the speed of the interface when auto-negotiation is disabled. The way in which the standby interface command is used is another important difference between WAAS and IOS. In IOS, the standby interface command is used for configuring the Hot Standby Router Protocol (HSRP) feature, while in WAAS it is used to configure the standby interface feature, described in the next section. You can see from the output in Example 4-1 that the remaining WAAS interface configuration commands are similar to the corresponding IOS interface configuration commands.

You can explicitly configure the interface with an IP address and subnet mask, or the WAE can acquire an IP address using DHCP. Each WAE interface can also be configured with multiple secondary IP addresses. It is also possible for the same interface to acquire an IP address through DHCP, and have multiple secondary IP addresses statically configured. By default, the interfaces on a WAE are administratively disabled, and are automatically enabled when a valid IP address is configured.

This is how WAE interfaces are referred to during configuration through the CLI or GUI. The interfaces also have an internal name by which the Linux operating system knows them. Table 4-1 shows the mapping between the internal and external interface names.

Table 4-1. WAE External and Internal Interface Names

IOS Name

Internal Name

gigabitEthernet 1/0

eth0

gigabitEthernet 2/0

eth1

Understanding the internal name of an interface is useful for understanding system log messages and using internal operating system tools, such as Ethereal or Tcpdump, which are useful for capturing traffic for offline analysis.

Just like the interface configuration, the outputs of interface show commands in WAAS are similar to Cisco IOS. Example 4-2 shows the output from the show interface command in WAAS.

In addition to the normal interface information, such as IP address, Ethernet address, and counters, each interface also has a set of flags. These flags are the same flags that can be seen in the output of the ifconfig command in Linux. The two most important flags are UP and RUNNING. The presence of the UP flag indicates that the interface is administratively enabled. The presence of the RUNNING flag indicates that line protocol on the interface is operational.

Link Aggregation Using EtherChannel

To increase the available interface bandwidth for a WAE, Cisco WAAS supports EtherChannel. EtherChannel allows for the grouping of multiple physical interfaces to create a single "virtual" interface. The virtual interface, which functions as a single interface, has the aggregate bandwidth of the available physical interfaces in the channel group. EtherChannel is useful when the output from a single WAE exceeds the physical limitations of a single interface. For example, some remote sites may only have 100-Mbps LAN connections available, whereas the traffic from a single WAE can easily exceed 100 Mbps. In these situations, using EtherChannel to group both physical WAE interfaces together provides 200 Mbps of usable interface bandwidth.

In addition to increasing the available interface bandwidth, the EtherChannel has automatic failure and recovery detection based on the link state of each individual interface. In the event of a single interface failure, traffic continues to pass over the remaining interface in the channel group. The EtherChannel interface uses the MAC address from one of the physical interfaces in the group. The same MAC address is used persistently for the EtherChannel interface, even if the physical interface associated with that MAC address goes down. The formation of an EtherChannel in WAAS is based purely on device configuration. WAAS does not support Cisco Port Aggregation Protocol (PAgP) or 802.3ad Link Aggregation Control Protocol (LACP). When configuring EtherChannel between a WAE and a LAN switch, the channel mode on the LAN switch should be set to On for the WAE EtherChannel.

By default, the WAE load balances packets across all available interfaces in the channel group using a round-robin algorithm. WAAS also supports load balancing using destination IP address or destination MAC address.

Figure 4-2 shows a WAE connected to a single LAN switch using EtherChannel.

Each member of the channel group, along with the status of the interface, is shown at the beginning of the output. The MASTER flag in the example output indicates that this is the virtual EtherChannel interface. Also notice the Ethernet address, which is taken from one of the physical interfaces in the channel group. Example 4-5 demonstrates the same command for each physical interface in the channel group.

The command output for each physical interface is the same as it is without EtherChannel configured, with the following exceptions:

The SLAVE flag is set, indicating that the interface is part of an EtherChannel group.

The Ethernet address for each interface is the same, and matches the MAC address used by the virtual EtherChannel interface.

Using the Standby Interface Feature

When you do not require increased interface bandwidth but desire interface redundancy, you can use the standby interface feature. The standby interface feature configures both physical interfaces on the WAE in an active/standby failover pair. At any point in time, only one of the interfaces is active and passing traffic. The second interface, or standby interface, is passively waiting to take over in the event that the active interface fails. When the active interface fails, the standby interface takes over the active role. When the previously active interface recovers, it assumes the standby role. The interface with the highest priority is preferred as the active interface. The priority is configurable.

The standby interface feature has become a popular choice for deployments because the WAE can be physically connected to two different LAN switches. This prevents the failure of a single LAN switch or switchport from disrupting the operation of the WAE. Figure 4-3 shows an example of a WAE connected using the standby interface feature.

The failure of the active interface in the standby group is detected using three different methods. The first method monitors the link state of the active interface. Line protocol is up when the RUNNING flag is present on the Ethernet interface. If line protocol fails on the active interface, the interface is marked as down.

The second method uses an ICMP ping to check availability of the default gateway configured on the WAE. An ICMP echo request is sent once every 10 seconds to the configured default gateway. If there is a response to the echo request, the interface is considered up. If there is no response to the echo request, five more echo requests are sent. If at least three responses are received, the interface is considered up. Otherwise, the interface is considered failed, and the interface is marked as down.

The final method available for monitoring the health of the active interface uses the interface error count to determine if an unacceptable number of errors have been seen on the interface. The error count is the absolute number of transmit and receive errors on the active interface. This check is disabled by default, but can be enabled using the following command:

errors1-2147483647

The interface state and error counts (when configured) are checked once every 10 seconds. If the active link fails or the error count threshold is exceeded, the interface with the next highest priority is activated. When the failed interface recovers, it becomes the standby interface for the group. The standby interface does not have a preempt capability. When a new interface is activated, the WAE generates a gratuitous ARP to update the MAC address for the shared IP on all other devices on the same subnet. This prevents devices from sending traffic to the shared IP address on the WAE to the MAC address of the failed WAE interface.

Standby Interface Configuration

Configuring the standby interface feature in WAAS involves the following steps:

Step 1 Create a virtual standby interface.

Step 2 Configure an IP address and subnet mask for the standby interface.

Example 4-6. WAE Standby Interface Configuration

You should observe the following limitations when configuring the standby interface feature within WAAS:

The physical interfaces in the standby group do not require IP addresses.

The standby interface feature does not have a preempt capability.

Each physical interface can be assigned a numeric priority between 1 and 2,147,483,647. The default standby priority for an interface is 100. The virtual standby interface uses the MAC address of the active interface. When the active interface fails and the standby interface takes over, the WAE generates a gratuitous ARP request to update the adjacent devices with the new MAC address associated with the WAE IP address.

To check the status of the standby interface, use the show interface Standbystandby-interface-number command. Example 4-7 shows the output of this command.

Each member of the standby group, as well as the status of the interface, is shown in the output. The current active interface is also displayed. The output for each physical interface is shown in Example 4-8.